1. samincqu

    OP samincqu Newbie
    Newcomer

    Joined:
    Apr 25, 2021
    Messages:
    4
    Country:
    China
    Hi,
    As we know, all of the hacks on the Switch are based on the RCM bug in the Tegra bootrom. For years this bug has still been there, while Nintendo has sold 80+ million products and even a new chipset was used instead of the old one. Based on my experience in the field of embedded devices, fixing the bug and upgrading the bootrom is a very easy job, at least for the newest products. But does anyone know why Nvidia has never fixed this bug?
     
  2. ZachyCatGames

    ZachyCatGames GBAtemp Psycho!
    Member

    Joined:
    Jun 19, 2018
    Messages:
    3,199
    Country:
    United States
    Nintendo started shipping devices with an ipatch to fix the bug back in 2018, and the bug is completely eliminated on Mariko.
     
  3. thesjaakspoiler

    thesjaakspoiler GBAtemp Fan
    Member

    Joined:
    Nov 20, 2018
    Messages:
    328
    Country:
    Afghanistan
    RCM is not a bug but a normal feature on modern microprocessors.
    RCM is present on most devices as a way to recover the device in case the main (flash) storage fails.
    Just like with computers being able to boot from a USB stick.
    Technically Nintendo could have disallowed users to use the RCM mode.
    But they allowed it, most likely for repairing Switches themselves.
    The exploit isn't the RCM mode itself, it's a bug in the USB driver.
    As mentioned in the post above, Nintendo fixed that in newer Switches.
    The RCM mode itself is still active although it can't execute the exploit anymore.
     
  4. samincqu

    OP samincqu Newbie
    Newcomer

    Joined:
    Apr 25, 2021
    Messages:
    4
    Country:
    China
    I referred to the bug in RCM mode in Tegra. What I heard is that the bootrom copies the payload in the packet to the memory without any limitation. Thus the stack is overwritten by the unlimited payload. This is definitely a bug implemented in the bootrom. And this is what I called a "very easy job" to fix -- just limit the payload size and deliver a new bootrom firmware to Nintendo. But till now we can still hack it (including the newest model Mariko) with the SX_core suite.
    I have this question because I see there is a new hack suite named "HW Fly" delivered online, in order to hack the Mariko Switch through the RCM bug. If Nvidia/Nintendo have fixed the bug I mentioned, why can the Mariko still be hacked?
     
  5. ZachyCatGames

    ZachyCatGames GBAtemp Psycho!
    Member

    Joined:
    Jun 19, 2018
    Messages:
    3,199
    Country:
    United States
    On Erista Nintendo did fix it using an ipatch that limits the size; on Mariko it didn't ever exist, as Mariko doesn't support using the USB2 controller for RCM.
    The SX Core/HWFly don't use the RCM bug, they glitch the bpmp during BCT validation to make it think a fake BCT is valid.
     
    Last edited by ZachyCatGames, May 7, 2021
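Posts 4 and 5 above describe the flaw as the bootrom copying as many bytes as the packet's length field claims into a fixed buffer, and the Erista fix as an ipatch that limits that size. The C below is an added illustration of that kind of fix written for this thread, not the Tegra bootrom's code: a hypothetical, simplified receive handler (the names, the 256-byte buffer and the packet layout are all assumptions) that rejects a declared length larger than its destination, or longer than what actually arrived, before copying anything.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified recovery-mode receive path (an assumption for this
 * illustration, not the Tegra bootrom's own code or buffer size). */
#define RCM_BUF_SIZE 256
typedef struct {
    uint32_t declared_len;  /* length field parsed from the packet header; untrusted */
    const uint8_t *data;    /* payload bytes that followed the header */
    size_t data_len;        /* bytes actually received on the wire */
} rcm_packet_t;

typedef enum { RCM_OK = 0, RCM_ERR_TOO_LONG, RCM_ERR_TRUNCATED } rcm_status_t;

/* The flaw described in the thread: the bootrom trusted declared_len and copied
 * that many bytes into a fixed buffer, so an oversized value ran past it onto
 * the stack. The hardened handler compares the length with the destination size
 * (and with what actually arrived) before any copy takes place. */
rcm_status_t rcm_receive(const rcm_packet_t *pkt, uint8_t *dst, size_t dst_size,
                         size_t *copied)
{
    *copied = 0;
    if (pkt->declared_len > dst_size) return RCM_ERR_TOO_LONG;        /* would overflow dst */
    if (pkt->data_len < pkt->declared_len) return RCM_ERR_TRUNCATED;  /* short packet */
    memcpy(dst, pkt->data, pkt->declared_len);
    *copied = pkt->declared_len;
    return RCM_OK;
}

/* Feed a constructed packet (header length vs. bytes on the wire) into a
 * RCM_BUF_SIZE-byte destination and report what the handler did. */
rcm_status_t rcm_try(uint32_t declared_len, size_t wire_len, size_t *copied)
{
    static uint8_t wire[RCM_BUF_SIZE * 2];  /* constructed payload, filled with 0xAB */
    uint8_t buf[RCM_BUF_SIZE];
    if (wire_len > sizeof wire) wire_len = sizeof wire;
    memset(wire, 0xAB, sizeof wire);
    rcm_packet_t pkt = { declared_len, wire, wire_len };
    return rcm_receive(&pkt, buf, sizeof buf, copied);
}
int main(void)
{
    size_t n;
    rcm_status_t s = rcm_try(RCM_BUF_SIZE + 1, RCM_BUF_SIZE + 1, &n);
    printf("oversized length: status %d, %zu bytes copied\n", (int)s, n);
    return 0;
}
```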
  6. linuxares

    linuxares I'm not a generous god!
    Moderator

    Joined:
    Aug 5, 2007
    Messages:
    8,682
    Country:
    Sweden
    Sadly this will just become a ton of e-waste since they can't flash new firmware to it, if there isn't a super secret way for them to do it.
     
  7. Sora Takihawa

    Sora Takihawa GBAtemp Psycho!
    Member

    Joined:
    Oct 11, 2015
    Messages:
    3,549
    Country:
    Germany
    I know it's the wrong place, but can someone recommend me a person here who does Switch repairs? I replaced my SD slot because my Switch didn't read SD cards... but I see that the pins on my mobo are faulty and I can't do it myself.
     
  8. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08
    Member

    Joined:
    Mar 17, 2010
    Messages:
    20,813
    Country:
    Norway
    They did. It's been fixed in new Switches since before Mariko. They can't patch existing devices that already have the bug because there is limited room in the SoC for firmware updates and it was already full from the factory.
     
  9. samincqu

    OP samincqu Newbie
    Newcomer

    Joined:
    Apr 25, 2021
    Messages:
    4
    Country:
    China
    Thanks for your answer. It turns out that sx_core hacks Switch in another way! It makes sense why we can still hack the Switch till now.
    Let me search and get to know about the new hack method :)
     